[Editor's note: At the Frontline is part of a joint interview that Security Technology & Design and SecurityInfoWatch.com do each month with a top-level security director. For the rest of this interview, see page 92 (the back page) of the March 2005 issue of Security Technology & Design magazine.]
Security Profile
Name: Mark J. Cheviron
Title:Company: Archer Daniels Midland Company
Years in industry: 10 years law enforcement, 25 years private industry
Number of facilities overseen: More than 1,500 facilities in approximately 60 countries.
ADM's e-ADM service offers "automatic inventory monitoring" as well as logistics management and reporting. Does security gain any benefit from these features, as far as tracking the security/integrity of product across the supply chain?
Yes. Any existing inventory and logistics management tool, which identifies locations and product handlers can also be utilized as a tool for the investigations conducted by the Corporate Security Department, and serves as a day-to-day systems test which will alert us to developing security concerns.
Do you believe the government is doing enough to help private industry protect the food supply, and if not, what more should it be doing?
The government has certainly been open to discussion concerning the threats to the food supply. Unfortunately, legal barriers exist that prevent effective information sharing that is critical to accurately define risk. Dollars spent on security must be surgically applied to efficiently and effectively mitigate those identified risks. Any other approach, i.e., across-the-board regulation, effectively damages our economy by increasing cost without effectively mitigating risk.
Does your position encompass the protection of proprietary information - processing specifics, formulas, etc? What advice would you give to end users who are struggling to find the best way to protect their company's proprietary information?
Among the most difficult of the legal barriers to effective information exchange with the government to identify real risk is the protection of proprietary information. OPSEC (Operational Security) plans must be integrated within any security effort. Sensitive Security Information (effectively any information that, if accessed by an adversary with the will to do harm, could contribute to either direct harm to the company or to an attack plan to harm the company) must be identified early in the planning process and procedures must be implemented to ensure that the information is protected from disclosure beyond those within the company (or outside the company in the case of collaborative relationships) with a legitimate "need to know".
How can a multi-site company best deal with identity management and access control?
Essentially, any person who accesses a company owned location should be screened in some manner to ensure that the person has legitimate business and is not a threat to the company. That screening process may include technology, i.e., smart cards, etc., or-and always most importantly-dedicated employees to observe and report suspicious situations or activity. The methodology/technology/procedure used to accomplish access control should be a business decision based on the risk and business profile of the facility in question.
How do plant worker safety operations integrate with the security and access control departments?
Security and access control issues are an extension of safety operations. Clearly, in an industrial setting, knowing where visitors are and that they are not in restricted access areas, is important to the safe operation of the facility. The most significant difference today is the need to ensure that employees are always aware of and attentive to "suspicious activity" and that they know what to do about it if and when it is observed.
What is the primary function of video surveillance in your security program? Have you integrated it successfully with other systems? If so, what do you believe are the main factors in the success of these integrations?
Video surveillance serves two primary functions: access control and documentation. Naturally, we rely on video for 'by-the-minute' monitoring of access points, restricted access areas, and areas targeted by criminal acts. On a daily basis, we rely on that information for the resolution of subsequent investigations. These cameras integrate the uniformed security guard service with investigations, and can be viewed by an investigator at any time - through remote access.
A better example of integration would be the installation of video cameras on remote port locations, as part of our compliance with the Maritime Transportation Security Act, and the ability to monitor those locations 24 hours a day from a digital feed to corporate headquarters.
What new technologies are you keeping an eye on for future use as the industry advances?
Certainly all security technology is evolving and improving. Personal identification systems integrated with access control technology, tamper evident seal technology and chem/bio/rad detection technology suitable for integration into industrial processes are all of great interest.
